US Department of Education Principal Office Functional StatementsOffice of Management

Chief Privacy Office

The Chief Privacy Office (CPO) is responsible for assisting the Assistant Secretary for Management in providing leadership, oversight, and coordination to ensure Departmental compliance with Federal laws governing the acquisition, release and maintenance of information. In particular, this relates to the following activities within the Department of Education:

Freedom of Information Act;

Privacy Act (including privacy safeguards);

Federal Records Act (records management and retention);,

Paperwork Reduction Act (information collection clearances)

Family Educational Rights and Privacy Act (FERPA); and

Protection of Pupil Rights Amendment (PPRA).

CPO is responsible for recommending policies, standards, and procedures that ensure ED complies with governmental information management requirements in the above areas. In addition, CPO provides guidance and instruction to Department staff to assure that customers are supported in the performance of these efforts.

CPO is headed by the Director for Privacy who serves as the Department’s Chief Privacy Officer (CPO). The CPO serves as a champion for privacy across ED and with the education community.

CPO is divided into the following Divisions:

Privacy Best Practices Division

FOIA Service Center Division;

Family Policy Compliance Division;

Privacy and Information Collections Clearance Division; and

Records and Document Management Division.

Office of the Director

The Office of the Director provides oversight, direction, and guidance to the CPO staff. This office prepares and manages the CPO budget and serves as the liaison with the OM Executive Office.

Privacy Best Practices Division

The Privacy Best Practices Division is responsible for providing technical assistance to the field and within the Department on privacy best practices, including disclosure avoidance.

In performing its responsibilities, the Division:

Serves as the Department’s principal authority and representative on best practices in excess of the minimum legal compliance mandated by FERPA and PPRA, including topics such as security, data management, governance, transparency, and disclosure avoidance;

Serves as a focal point for the Department’s data management initiatives;

Manages contracts associated with the delivery of privacy technical assistance to the field.

Family Policy Compliance Division

The mission of the Family Policy Compliance Division (called the Family Policy Compliance Office outside of the Department) is to administer laws related to parental and student rights: the Family Educational Rights and Privacy Act; Protection of Pupil Rights Amendment; and the Armed Forces Access to Student and Student Recruiting provision enacted in Section 9528 of the Elementary and Secondary Education Act of 1965, as amended.
In performing its key processes, the Division:

Manages the Department's implementation of FERPA, responding to inquiries from customers, who include parents, students, school officials, congressional staff, and the general public;

Reviews regulations to ensure compliance with the criteria set forth in Executive Order 12606, the Family, September 2, 1987;

Administers requirements under Section 9528 of the Elementary and Secondary Education Act of 1965, as amended by the No Child Left Behind Act of 2001, which requires the disclosure of directory-type information (secondary school students' names, addresses, and telephone listings) to military recruiters as well as providing military recruiters the same access to secondary school students as is provided generally to post-secondary educational institutions or to prospective employers of those students.

FOIA Service Center Division

The FOIA Service Center Division is responsible for assisting the Assistant Secretary for Management and the Chief Privacy Officer in ensuring the Department’s compliance with the Freedom of Information Act. In particular, the Division operates the Department’s case management system that responds to FOIA requests. The Division advises the public and ED employees regarding FOIA requests.
In performing its responsibilities, the Division:

Ensures the prompt, courteous, efficient and successful handling of all FOIA and Privacy Act requests received by the Department;

Serves as the primary office for requestors to obtain information about the status of a FOIA request, and the Department’s response thereto;

Provides guidance and instruction to Department staff for the appropriate receipt, handling, and recording of FOIA and Privacy Act requests;

Develops and provides print and web-based training to Department employees and contractors regarding the unit's mission;

Furnishes reliable, accurate, and timely information on FOIA compliance as required by relevant laws, statutes, regulations and directives, including mandated reports on the status of ED's FOIA operations;

Oversees the successful implementation and management of Department-wide systems and databases that support the successful and efficient handling of FOIA requests; and

Assists the Assistant Secretary for Management and the Chief Privacy Officer with the review of FOIA appeals, and works with the POs' FOIA Coordinators and Action Offices to ensure that all issues raised in an appeal are carefully considered and resolved in making the appeal determination.

Privacy and Information Collections Clearance Division

The Privacy and Information Collections Clearance Division is responsible for assisting the Assistant Secretary for Management and the Chief Privacy Officer in ensuring the Department’s compliance with the Paperwork Reduction Act. The Division also provides guidance and instruction to Department staff regarding processes and procedures regarding the protection of personally identifiable information, including Privacy Act Systems of Records Notices (SORNs) and Privacy Impact Assessments (PIAs). The Division’s accountability is to the CPO in ensuring that appropriate and timely action is taken with respect to systems, processes, and reviews pertaining to the information clearance process. The Division is also responsible for carrying out the duties of ED’s Privacy Advocate under ACS Directive OM: 6-107, which include working with the ED Computer Incident Response Capability (EDCIRC) coordinator to monitor initial fact finding regarding an actual or suspected breach of PII, providing insight and guidance regarding breach risk analysis, external notification, and providing information on current issues, trends, best practices and requirements regarding privacy safeguards, participating in all Privacy Incident Response Team (PIRT) activities, maintaining a record of PIRT actions, and appropriate coordination of PIRT activities, and providing continuing review and improvement of ED’s breach notification policy.

In performing its responsibilities, the Division:

Provides guidance and instruction to Department staff with regard to compliance with the Paperwork Reduction Act, OMB guidance and directives and internal ED policies. Analyzes proposed information collections packages to ensure minimum response burden and cost on the public;

Serves as the Department’s primary liaison with OMB in the analysis and clearance of information collections to assure compliance with internal policies and OMB guidance and directives;

Develops clear and consistent business rules (standards) to expedite information collection clearance activities across the Department;

Provides guidance to Department staff to respond to OMB requirements and promotes opportunities, including partnerships, to reduce burden;

Develops and provides print and web-based training to Department employees and contractors regarding the unit's mission;

Oversees the implementation and management of Department-wide systems and databases that support the successful and efficient handling privacy safeguards administration; and

Coordinates inter-agency development, review and approval of Computer Matching Agreements (CMAs) in support of the Department’s Data Integrity Board.

Coordinates the agency’s forms program.

Records and Document Management Division

The Records and Document Management Division is responsible for developing and implementing strategies and programs designed to ensure compliance with federal information management requirements.

In performing its responsibilities, the Division:

Serves as the Department’s principal authority and representative on records management statutory, regulatory and policy requirements to assure compliance with National Archives and Records Administration (NARA) directives;